Take the Pledge

Data has no ethics. Data doesn't care how it's used. But the use and misuse of data has become the critical issue for today's information-intensive enterprise. Who owns the data? Who is responsible for its management? Who is the guarantor of its integrity? CIOs, the guardians of business data, need a code to guide them.

All it took was one e-mail from an irate customer for Saab Cars USA CIO Jerry Rode to realise he had a developing public relations fiasco on his hands.

In 1999, Saab hired four Internet marketing companies to send customers information about Saab's new models. And although the auto company had specified that the program be opt-in (meaning it would e-mail only the people who had agreed to receive such mail), one of the marketing companies apparently had a different definition of opt-in. And that meant one ticked-off customer, with more potentially on the way.

Rode fired the errant marketing company and immediately developed a formal policy surrounding the use of customer data. "The customer doesn't see ad agencies and contracted marketing firms. They see Saab USA spamming them," he says. "Finger-pointing after the fact won't make your customers feel better."

As Rode learned to his chagrin, data itself doesn't care how it's used. It will not stop itself from spamming customers or sharing personal, identifying details with third parties. It cannot decide to delete or preserve itself. Therefore, it falls on the shoulders of those who lord over ever larger terabytes of data - the CIOs - to develop ethical guidelines on how to manage it.

But most CIOs have not picked up the gauntlet. There are any number of reasons why. For one, the stuff is hard. The issue traps CIOs between two rather loathsome roles in the company - the bad guy or the fall guy. Either the CIO stops marketers from using data for purposes some customers are not comfortable with, thereby damming potential revenue streams. Or the CIO imparts no ethical code and is left to explain why the company has allowed a customer's data to be exploited. Similarly, the CIO can tell the CEO what he can and cannot do with the company's data, thereby putting his own job in jeopardy. Or he can go along and run the risk of finding himself culpable for some misuse of data.

No matter what the situation, ad hoc decision making on data ethics isn't viable any more. CIOs must start a meaningful conversation about ethics at their company. Hard money is at stake here. Companies such as DoubleClick and Qwest Communications, which were both forced to pull back from controversial plans to share customer data with other companies, saw their stock prices plummet. Soft money is at stake too. Brands such as Saab Cars USA stand to suffer incalculable losses when customers feel violated. Data ethics is not just a moral issue; it's the intersection of business and morality. And if the CIO doesn't take the lead, then someone else - like the customer or the government - will.

The goal here is to explain why CIOs need a code of ethics when it comes to data management, and then to propose such a code .

Rode, for one, is all for it. "I don't see ducking the problem and blaming it on marketing or saying something slipped by as the answer," he says. "I see this as the CIO's responsibility. We need to take ownership of the problem and develop some rules."

More about ACTAndersenAndersenArthur AndersenAT&TAT&TAT&T WirelessBillionCreativeDepartment of DefenceDoubleClickEnronEquifaxFederal Communications CommissionHISInovantIslandMastercardMayo ClinicQwestQwest CommunicationsSaabUS Federal Communications CommissionVIAVisa